Aaron Barr, CEO of security company HBGary Federal, spent the month of January trying to uncover the real identities of the hacker collective Anonymous—only to end with his company website knocked offline, his e-mails stolen, 1TB of backups deleted, and his personal iPad wiped when Anonymous found out.

Our lengthy investigation of that story generated such interest that we wanted to flesh out one compelling facet of the story in even more detail. In a sea of technical jargon, social media analysis, and digital detective work, it stands out as a truly human moment, when Barr revealed himself to Anonymous and dialogued directly with senior leaders and "members" of the group.

The encounter began on February 5. Barr had managed to get his work written up in a Financial Times story the day before, and now strange traffic was pouring in to HBGary Federal. With his research done and his story in print, Barr needed only to work up some conference slides and prepare for a meeting with the FBI, which had been tracking Anonymous for some time. So Barr ditched the covert identities he had been using to watch the group, and on February 5 he approached a person on Facebook whom he believed was the powerful CommanderX.

Barr's apparent motives were multiple: to mitigate any revenge upon his company, but also to meet as equals with his hacker subjects. No harm, no foul, right? Anonymous didn't agree. (Quotes in this article are provided verbatim, typos and all.)

Barr: CommanderX. This is my research… I am not going to release names I am merely doing security research to prove the vulnerability of social media so please tell [redacted] and [redacted] or whoever else is hitting our site to stop.

CommanderX: Uhhh…. not my doing! Just as a thought… wouldn't that be valuable data to your research?

Barr: I am done with my research…doing my slides…I am not out to gut u guys. My focus is on social media vulnerabilities only. So please tell the folks there that I am not out to get you guys… I knew you guys were a risky target but nothing risked nothing gained. People can show their bravado thats fine I can deal with that. Just want the 'leadership' to know what my intent is…that will filter as it needs to I am sure.

Barr: … I will talk about aliases. I won't talk about names. But please don't play me a chump any more than you have to to protect anons cred. I know more than IRC aliases…. u have a lot of firepower and know how in some dark corners…hell some of them may even know Greg Hoglund the CEO of our other company. So if it is some of your guys just want to make sure they don't get too aggressive.

CommanderX: Which website?

Barr: hbgaryfederal.com

CommanderX: … I warn you that your vulnerabilities are far more material. One look at your website locates all of your facilities. You might want to do something about that. Just being friendly. I hope you are being paid well.

"Come at us, bro"

Barr then entered an Anonymous IRC chat room, where his "CogAnon" profile had already been exposed. When he showed up, this is what greeted him. (Anonymous handles have been altered in this non-public section of chat.)

[23:47] <CogAnon> guys I'll tell you...it was only research...it has now become a criminal matter...

[23:48] <CogAnon> our website was hacked...twitter account... email.... ok...guys if thats the way u want to play it.

[23:49] <CogAnon> not sure why u had to make it personal...I had 2 other usecases...

[23:49] <CogAnon> but ok... I figured this might happen...I am not upset... it just takes a differnt path...

[23:51] <CogAnon> ok see you guys later...not even close to end of career... :) need to finish my talk.

[23:52] <ANON2> maybe CogAnon will enjoy what's uploading right now

[00:18] * CogAnon is now known as AaronBarr

The material "uploading right now" was apparently Barr's private e-mails; Anonymous had infiltrated his company e-mail server, where Barr was the admin, and had taken more than 40,000 messages from three top execs. They were then uploaded to The Pirate Bay.

"What's coming next is the delicious cake"

The next day, February 6, the attacks turned serious, and Barr realized the extent of what Anonymous had done to him and to his company, which was currently in negotiations to sell itself to a pair of interested buyers. This was no longer a game; it looked more like war. The sheer freewheeling raucousness of what follows illustrates as well as anything the nature of Anonymous, and it's worth quoting at length. (A few unimportant bits have been stripped for clarity, denoted by an ellipsis.)

Note that several members of the channel have already seen Barr's e-mails. (Read the full public log.)

On February 7, Barr's compromised Twitter account contained the following posts, which appear to be from Barr himself—though it's hard to say. (Those from his Anonymous persecutors have a very different tone, and contain more links and profanity.)

Ok. Well this has been fun. Anon has certainly done a number on me for the last, wow has it only been 24hrs? Seems longer...

site defaced, twitter hacked, email taken...priceless.

Does this mean I have become an internet celebrity...not quite how I imagined it?

ok. So Anon has done a number on me. Probably going to take a bit to piece things together, probably more to come.

But there has been no more to come. Twitter has now locked the account, according to Anonymous.

The persecution was brutal. People began defacing images of Barr, hosting them all in a central repository for easy viewing—they even dredged up a personal picture of the man dressed as The Hulk for a round of trick-or-treating with his kid. HBGary, a part owner of HBGary Federal, sent its own President Penny Leavy into the Anonymous chat rooms to ask them to stop—or at least to keep the e-mails private. Anonymous did not, demanding instead Barr's resignation.

Members of the group have spent today apparently prepping to release a new e-mail archive from Leavy's husband, the respected security pro Greg Hoglund, whose own site rootkit.com was compromised by (allegedly) a 16-year-old through a bit of social engineering. The persecution continues.

So this guy waded into a tank full of hungry sharks wearing a meat suit and got torn to shreds. Maybe next time he should try securing his internet access and presence before doing something like this.

The interesting thing though is that he apparently did manage to identify the Facebook accounts of at least one important member of Anonymous, did he not?

It's strange. Organizations that can bring about overall positive social change seem to be composed of people that will perplex the general public, whereas the most lobby-happy, bloodsucking corporations will have friendly-sounding receptionists.

Seriously, he messed with Anon and expected a "oh hai guys, just doing research, no harm no foul amirite?" to get him off the hook? REALLY?

And also:

HissingNewt wrote:

It's surprising how touchy they get when it's their info being released. I was under the impression that they were big into that whole "freedom of information" deal with Wikileaks.

Public government information != private information. I swear I must've posted those exact words a dozen times now. And of course, this is Anon; expecting logical consistency from them is like expecting useful energy from Brownian motion. Not gonna happen.

An incompetent "security" "researcher" and publicity-wanting CEO, working for a "security" company gets his entire personal and professional life turned upside down...and exposed on the entire internet as being an idiot who not only plays with time-bombs, but has no knowledge of maths or probabilities.

This is historically priceless. I don't condone what Anonymous did...but this Aaron Barr is worthy of an award. Not in a good way mind you.

The interesting thing though is that he apparently did manage to identify the Facebook accounts of at least one important member of Anonymous, did he not?

Just what I was thinking. Unless he contacted a total random on Facebook who decided to play along. Also, in the IRC they acknowledge the conversation, though don't explicitly say one way or another whether or not Barr was actually talking to the right guy.

I was thinking today that when this is all over (if it's ever over), it'd make an incredible book. Honestly you could probably dig a little more info on the initial issues, slap the articles together as chapter-like elements, and I'd buy it. I know I could just bookmark the stories, but I lose/forget bookmarks a lot more than I lose/forget books.

It's surprising how touchy they get when it's their info being released. I was under the impression that they were big into that whole "freedom of information" deal with Wikileaks.

If Anon is to be believed, their issue is that the info is wrong, and fingers a number of innocent and unrelated people.

Seems probable. But it also seems probable that he got CommanderX, and in the feature story yesterday, someone said Barr erroneously fingered his girlfriend. Still, in the hands of the FBI, that's more than enough to go on. The unfortunate thing is that Anon's members, who are really only guilty of what amounts to online vandalism, will be charged with much worse. The federal government is going to go after them because Wikileaks' staff is too hard to get, and they'll be doing years in prison when a $50 fine would be a more fitting punishment.

I read through the public IRC chat log that was linked to the other article (as much as I could sift through all the junk in it). One of the members mentioned using an SQL injection on the website (rootkit.com is the one I think). He was, of course, surprised that the site didn't use basic input sanitizing.

As for the others, I'm not sure. From what I've read, they gained access to a web server (maybe with that SQL injection that was mentioned) and then used lateral movement to infiltrate the other servers (like CommanderX mentioned in the article, "One look at your website locates all of your facilities.") Also, somewhere along the line, some kind of social engineering was used against an admin named Jussi to gain root access to a server, presumably by a 16-year-old girl.

It's surprising how touchy they get when it's their info being released. I was under the impression that they were big into that whole "freedom of information" deal with Wikileaks.

Public government information != private information. I swear I must've posted those exact words a dozen times now. And of course, this is Anon; expecting logical consistency from them is like expecting useful energy from Brownian motion. Not gonna happen.

Yeah, those memos were not public information (and for good reason, other countries don't need to know what our diplomats think of them). All those leaks did was sour some relationships between countries for no real gain in knowledge.

The commentators on both this and the prior article miss an important point. While it's hilariously ironic and fitting that a professional security/hacking company got hacked, negligence in their workplace does not necessarily mean professional incompetence.

For example even pretty decent computer IT techs have broken computers lying around that they're perfectly capable of fixing, or programmers who know of bugs they're either too lazy or whatnot to attend to.

Specific to this article, though, Barr himself is pretty much a dumbass if he spent all this time studying Anon and didn't see this coming.

If they're releasing Greg's emails as well, I take it "negotiations" fell through with Penny.

I also have a hard time believing that this Aaron Barr thought he could waltz in, say "chill dudes it was only research!" And then expect them to just let go, especially from the group that has a motto close to never forget, never forgive. Especially when your research is pretty much a direct attack on how you operate. *smacks head*

I just hope he somehow manages to get the FBI involved in the hacking part of this one. I want to see more headlines of Anonymous doors being bust down. The saga of Anonymous is getting more and more entertaining each and every day.

One thing to remember, no matter what kind of group it is, there are always natural leaders and people who need (or feel they need) one. It's the same with Anonymous; no matter how they deny it, there will always be someone who has influence over the rest of the group.

CommanderX even hinted at it in the article, "CommanderX: 'Leadership' lmao [laughing my ass off] it has grown beyond my control, just as I intended."

Even if they do somehow manage to snag a member or two of anon, I really doubt it will change anything, someone will simply step in and take their place.

While it certainly could be a lead, I can't really be certain that the claim that they caught his girlfriend is truly a lead. It could be an outright lie, and that kind of red herring will have the FBI spinning their wheels long enough for some lulz.

In any case Barr is a bonehead, right, wrong, or indifferent, he should have known better. With the mess anon made over the whole wikileaks thing, he didn't imagine that a perceived direct attack on them would constitute a devastating countermeasure? That is just plain stupid. And honestly the potential customers of this "security" company should be singing the praises of Anon for saving them from getting involved with a company this painfully bad at their job.

I for one support Anon, with all the soulless lobbyists, politicians, and corporations looking to screw over the little guy, it is nice to see someone who is willing to lay the smack down on someone without any real monetary gain.